How can distinguish the request on HTTP from web browser or mobile device(app) in PHP?

Question

I am developing web site and mobile(iPhone/iPad, Android) app version.
A web site and mobile app is accessing to same URLs. eg http://xxx.xxx.xxx/register.php
So, as you know, on mobile apps there are no SESSION concept for PHP.
So, I need to distinguish what is the web browser requesting or app requesting for mobile device on the any requesting on single URL.
NOTE!!!! This is not the problem to distinguish the mobile web browser using USER AGENT property
How can I distinguish the request what is the request from browser(PC/Mobile Browser) ? or from mobile app?
And also, I hope not to use the $_GET[] variable for this problem when requesting.
Please help me.

Kind regards

Answer 1

You can use the user agent string to differentiate between different browsers and apps. In PHP, you can retrieve it via $_SERVER['HTTP_USER_AGENT'] .

Answer 2

I think you're getting several things wrong here. Sessions are a mere artifact based on cookies, but instead of sending the raw data to the client PHP in a cookie PHP just send an ID.

You can set PHP to handle sessions via GET, but your app will have to handle this. And you could provide different endpoints for the mobile app and the normal user. You can also (in most environments) set the user agent to something your PHP app can handle.

Anyway, if you're not implementing COOKIES (or sessions for that matter) in your mobile app you will have to use either custom headers, GET or POST.

Answer 3

You're going about it the wrong way. There are both mobile browsers that do support sessions as well as desktop browsers with sessions disabled. To detect a mobile browser, the only way would be to use the user agent string, however this can be modified quite easily. A better solution would be to actually detect whether sessions are enabled. You can do this with JavaScript. In your main PHP script start the session and set some sort of variable:

session_start();
$_SESSION['var'] = "test";

And then you can send an AJAX request to see whether it actually started or not. Here is a jQuery example:

var session_check = $.ajax({
    url: "/ajax-check-session.php",
    type: "get"
});

var sessions = true;
session_check.done(function (session_response, textStatus, jqXHR){
    if (session_response != "enabled") {
        sessions = false;
    }

    if (sessions == false) {
        // sessions are disabled
    }
    else {
        // sessions are enabled
    }
});

And ajax-check-session.php:

session_start();
if (count($_SESSION) == 0) {
    echo "Sessions are disabled";
}
echo "enabled";

However keep in mind that probably a high percentage of people who have purposely disabled sessions have also purposely disabled javascript. If you decide to make JS necessary (which is usually a bad idea), you can handle this by using the <noscript> tag, telling people that they need JS enabled in order to use your site, and then when they enable JS, you can handle disabled sessions.